«! 



(19) 



J 



mmm 



(12) 



Europdisches Patentamt 
European Patent Office 
Office europgen des brevets (1 1 ) EP 0 746 126 A2 

EUROPEAN PATENT APPLICATION 



(43) Date of publication: 

04.12.1996 Bulletin 1996/49 

(21) Application number: 96108354.0 

(22) Date of filing: 24.05.1996 



(51) Int. CI. 6 : H04L9/08 



(84) Designated Contracting States: 


(72) Inventors: 


DE FR GB 


• Saito, Makoto 




Tama-shi, Tokyo (JP) 


(30) Priority: 02.06.1995 JP 136808/95 


• Okazaki, Sholchl 




Chiyoda-ku, Tokyo (JP) 


(71) Applicants: 




• MITSUBISHI CORPORATION 


(74) Representative: Neidl-Stippler, Cornelia, Dr. 


Chiyoda-ku Tokyo 100 (JP) 


Rauchstrasse 2 


. MITSUBISHI ELECTRIC CORPORATION 


81679 Mflnchen (DE) 


Tokyo 100 (JP) 





CM 
< 

CO 
CM 

CO 



(54) System for data copyright management using key distribution 

(57) A data copyright management system is pro- 
vided, in which a primary user edits a received data and 
supplies the edited data to a secondary user. 

The copyright management system comprises a 
database and a key control center and uses a primary 
copyright label, a primary use permit key including a 
first crypt key, a secondary use permit key. a third crypt 
key. and a copyright management program. 

The primary user decrypts the copyrighted primary 
data, which is encrypted using the first crypt key and 
supplied, to plaintext using a primary use permit key 
obtained from the key control center and utilizes it. In 
case the copyrighted primary data is stored in a primary 
user device, it is re-encrypted using the primary use 
permit key. 

The primary user receives a secondary use permit 
key for editing the copyrighted primary data from the key 
control center and edits the copyrighted primary data. 
The data under editing is encrypted using the second- 
ary use permit key and is stored. 

When edit has been completed, the primary user 
receives a third crypt key for secondary exploitation 
right as the secondary copyright from the key control 
center, encrypts the edited data using the third crypt key 
and distributes it to the secondary user. 

The secondary user receives the third crypt key 
from the key control center and utilizes the edited data. 

The third crypt key may be generated by the pri- 
mary user or by the key control center 
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Description 

BACKGROUND OF THE INVENTION 

The present invention relates to a system, which 
manages copyright in utilization of digital data. i.e. cop- 
yrights in display, storage, copying, editing and transfer 
of digital data. 

BACKGROUND TECHNIQUE 

In the information-oriented society of today, satellite 
broadcasting using broadcasting satellite (BS) or com- 
munication satellite (CS) or cable television (CATV) 
broadcasting using coaxial cable or optical fiber cable 
are being propagated in addition to ordinary terrestrial 
broadcasting. 

In the satellite broadcasting or CATV broadcasting, 
which can distribute information to several tens of chan- 
nels at the same time, scrambled channels for broad- 
casting motion pictures, sports or music programs, 
which cannot be viewed by comprehensive contract, are 
provided in addition to general non-scrambled chan- 
nels, which can be viewed under comprehensive con- 
tract. To view the scrambled channel, it is necessary to 
subscribe for descrambling. Because the period of such 
subscription is usually as about one month, it is not pos- 
sible to view the programs on such channels at any 
desired time. 

To solve the above problems, M. SAITO has pro- 
posed a system in JP-A 6-46419 and JP-A 6-141004, 
by which a user can receive a viewing permit key from a 
charging center through communication fine and can 
view programs by descrambling each program, scram- 
bled by different scrambling pattern, using the viewing 
permit key, and is charged for programs at the same 
time, and has also proposed an apparatus for such a 
system in JP-A 6-132916. 

In the above system and apparatus, a user 
requests for viewing the scrambled program to a charg- 
ing center via communication line using a communica- 
tion device. Upon receipt of the request for viewing, the 
charging center sends a permit key to the communica- 
tion device. At the same time, the fee for viewing is 
charged and is collected from the user. 

Upon receipt of the permit key via the communica- 
tion device, the user provides the permit key to a receiv- 
ing device by direct means connecting the 
communication device with the receiving device or by 
indirect means such as flexible disk. The receiving 
device uses the permit key thus received and descram- 
bles the program. 

As an application of the above system and appara- 
tus. JP-A 6-132916 also describes a system and an 
apparatus, by which a tape or a disk having a plurality of 
data, scrambled by a different scrambling pattern 
respectively, recorded on it can be sold or lent, and the 
specific data can be utilized using a permit key supplied 
via IC card or the like. 



In the information-oriented world of today, computer 
communication networks are now organized to utilize 
the data. Such communication networks include a local 
network called LAN (Local Area Network), a national 

5 network called WAN (Wide Area Network) or an interna- 
tional network called Internet. These networks utilize 
various types of data, which have been stored inde- 
pendently by each computer in the past. 

On the other hand, a new technique to digitize infor- 

10 mation has been developed, by which television moving 
picture signals can be compressed to reduce the 
amount of information, which was not possible to digi- 
tize in the past because amount of information is enor- 
mously increased when digitized. For the digitization of 

is information, a number of standards have been formu- 
lated, including H.261 standard for video conference, 
JPEG (Joint Photographic Image Coding Experts 
Group) standard for still picture, MPEG 1 (Moving Pic- 
ture Image Coding Experts Group 1) standard for image 

20 accumulation, and MPEG 2 standard used for wide 
application from current television broadcasting to high 
definition television broadcasting. 

The digitization technique utilizing the image com- 
pression technique is not only used for television broad- 

25 casting or video image recording but also used for 
handling television moving picture data which could not 
be handled by computer. Attention is now focused on 
"multimedia system** as future technique, which can 
handle various types of data by computer and digitized 

30 television moving picture data at the same time. 

The multimedia system is also incorporated in data 
communication and is utilized as one of the data on 
database. 

With the utilization range of the database being 
35 expanded than ever, important problems arise such as 
the problem of how to charge the fee for data utilization 
from the database, the problem of copyrights related to 
copying or transfer of data other than those directly uti- 
lized, or the problem of secondary exploitation right 
40 associated with secondarily generated copyrights in 
data editing. 

To ensure perfect editing of charging and copy- 
rights, it is necessary to take such measure that data 
cannot be utilized by those other than the authorized 
45 users, and the best means for this purpose is to encrypt 
the data. 

In the television systems or database systems as 
described above, a crypt key is needed to encrypt the 
data and to decrypt and utilize the encrypted data, and 
so a crypt key must be delivered to the user, while the pro- 
cedure is very complicated because perfect security 
and reliability must be assured. 

In the present invention, cryptology is very impor- 
tant. First, description will be given on the cryptography 
55 in general. 

In the cryptography, the encryption to encrypt a 
plaintext M using a crypt key K and to obtain a crypto- 
gram C is expressed as: 
C = E (K. M) 
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and decryption to obtain a plaintext M from the crypto- 
gram C using a crypt key K is expressed as: 
M = D (K, C). 

Further, M. SAITO has proposed a concrete 
arrangement of a data copyright management system in s 
JP-A 6-64889. 

In this system, in order to manage copyrights in dis- 
play (including the process to turn to audio signal), 
store, copy, edit and transfer of digital data in a data- 
base system including real-time transmission of digital 10 
picture, either one or more of the program to manage 
the copyrights, copyright information or the copyright 
management message are transmitted, when neces- 
sary, in addition to a permit key to allow the user to uti- 
I ize the encrypted data. 1 5 

When the user attempts to utilize the data other 
than the condition of the permission or of request, a 
copyright management message is displayed on the 
screen, notifying caution or waning to the user. The cop- 
yright management program watches and manages in 20 
such manner that no utilization of data is performed, 
which is against the condition of request or permission. 

The data is encrypted and supplied and is then 
decrypted using a permit key and is utilized. When the 
data is stored in a device, is copied to a medium other 25 
than the device, or is transferred outside the device, re- 
encryption is performed. Also, a permit key is provided 
for each utilization such as display/using, storing, copy- 
ing, editing, transferring, etc. 

30 

SUMMARY OF THE INVENTION 

The system according to the present invention 
comprises a database, a key control center, a primary 
user, a secondary user, and a network system, which 35 
connects these with each other. A primary copyright 
label, a primary use permit key including a first crypt 
key. a secondary use permit key including a second 
crypt key, a secondary copyright label, a third crypt key, 
and a copyright management program are used. 40 

When a plaintext copyrighted primary data is sup- 
plied to a primary user, the data is encrypted using a 
first crypt key. When the primary user wishes to utilize 
the encrypted copyrighted primary data, the user 
requests distribution of a permit key for primary utiliza- 45 
tion via a network system to a key control center. When 
the request for distribution of the permit key for primary 
utilization is received from the primary user, the key 
control center sends the permit key for primary utiliza- 
tion to the primary user and charges the fee. so 

Using a first crypt key including in the received pri- 
mary use permit key. the primary user decrypts the 
encrypted copyrighted primary data. In case the plain- 
text copyrighted primary data is stored in a device of the 
primary user, the data is re-encrypted using the primary 55 
use permit key. 

When the primary user wishes to utilize the copy- 
righted primary data, the primary user requests the dis- 
tribution of a secondary use permit key for editing the 



plaintext copyrighted primary data to the key control 
center via the network system. The key control center 
sends the secondary use permit key to the primary user. 

Upon receipt of the secondary use permit key. the 
primary user copies the copyrighted primary data and 
edits the copy of the copyrighted primary data. When 
the plaintext copyrighted secondary data which is the 
copyrighted primary data under editing is stored in the 
device of the primary user, the data is encrypted using 
a second crypt key included in the secondary use per- 
mit key. When the final edited data is stored in the 
device of the primary user, the data is encrypted using 
a third crypt key. 

As a result of secondary processed data which is 
secondary data edition of the copyrighted data, the pri- 
mary user now possesses the secondary exploitation 
right as secondarily generated copyright In order to 
execute the secondary exploitation right, the third crypt 
key is registered at the key control center. The 
encrypted copyrighted secondary data obtained by 
encryption of the plaintext copyrighted secondary data 
using the third crypt key is sent to the secondary user by 
copying it to an external storage medium or by transfer- 
ring it via the network system. 

The secondary user who wishes to utilize the 
encrypted copyrighted secondary data requests distri- 
bution of the third crypt key to the key control center. 
Upon receipt of the request for distribution of the third 
crypt key, the key control center sends the third crypt 
key to the secondary user via the network system. 

When the secondary user receives the third crypt 
key, the secondary user decrypts the encrypted copy- 
righted secondary data by third crypt key. and utilizes it. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram of an embodiment of a 
data copyright management system according to 
the present invention; 

Fig. 2 is a schematical block diagram of an embod- 
iment of a system managing data copyrights 
according to the present invention; 
Fig. 3 is a conceptual drawing for explaining limita- 
tion of primary utilization executed by a copyright 
management program Pc in the present invention; 
Fig. 4 represents a conceptual drawing for explain- 
ing limitation of utilization of data editing executed 
by a copyright management program Pc in the 
present invention; and 

Fig. 5 is a block diagram for explaining a process for 
producing new copyrighted data from a plurality of a 
copyrighted data as objects. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

In the following, description will be given on an 
embodiment of the present invention referring to the 
drawings. 
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First description will be given on the embodiment 
structure of a data copyright management system 
according to the present invention. 

A system shown in Fig. 1 comprises a database 1. 

a key control center 2, users 3, 3, 3 and a network s 

system 4, which connects these with each other. To the 
database 1, data is supplied from information providers 

(IP) 5, 5. 5, In some cases, the data is supplied to 

the user directly from the information providers 6, 6, 

6 via the network system 4 without going through 10 

the database 1. 

The data utilized in the present embodiment are 
objects where program and data are combined 
together. 

The users 3 are not mere utilizers, but can be infor- is 
mation providers 5 or 6, who provide secondary exploi- 
tation works, i.e. newly produced copyrighted works, by 
combining or modifying a plurality of copyrighted data, 
which they received. 

In the data copyright management system accord- 20 
ing to the present invention as described above, each of 
the copyrighted data provided from the information pro- 
viders 5 and 6 is encrypted to protect the copyright 
Therefore, when the user 3 received the encrypted cop- 
yrighted data, it must be decrypted to be utilized. For 25 
this purpose, all crypt keys are deposited to the key con- 
trol center 2 in this system and are under the control of 
the key control center 2. 

The cryptosystem adopted by each of the informa- 
tion providers 5 and 6 may be freely chosen, while the 30 
cryptosystem to be used in the secondary exploitation 
as secondarily utilizing data and after as described later 
is limited to the system adopted by the key control 
center. 

The data from the database is generally utilized 35 
using personal computers, and the OS used in these 
personal computers must have security processing 
incorporated in it. For the control of crypt keys, the cop- 
yright management program is used. For the storage of 
the copyright management program and the crypt keys 40 
received from the key control center 2, "key cards" real- 
ized as software on memory or HDD or realized as 
hardware in form of a unique board, PC card, etc. are 
prepared as the storage area. 

The key control center stores the crypt keys for pro- 45 
tection of copyright of data and for charging fees for uti- 
lization of the copyright regardless of whether the data 
is actually utilized or simply registered and not utilized, 
and controls the crypt keys by coordinating the stored 
keys with copyright labels. so 

Fig. 2 represents a schematical configuration of an 
embodiment of a data copyright processing system 
according to the present invention, in which a primary 
user receiving data from an information provider edits 
the received data and supplies the edited data to a sec- 55 
ondary user. 

In this system, a plaintext copyrighted primary data 
D1, an encrypted copyrighted primary data ED1i, a 
plaintext copyrighted secondary data D2, an encrypted 



copyrighted secondary data ED2j, a plaintext primary 
copyright label Lc1 , a primary use permit key K1 includ- 
ing a first crypt key K1i, a secondary utilization permit 
key K2, a third crypt key K3j, and a plaintext copyright 
management program Pc are used. 

This system comprises a database 11, a key con- 
trol center 12, a primary user 13, a secondary user 19, 
and a network system 14 for connecting these with each 
other. 

To the database 1 1 , data are supplied from informa- 
tion providers 15, 15, 15 In some cases, the data 

may be supplied to the user 1 3 from the information pro- 
viders 16, 16. 16 via the network system 14 or 

directly via an information recording medium 17 such as 
CD-ROM from the information providers 16 without 
going through the database 1 1 . 

In this figure, solid lines represent paths of plaintext 
data, broken lines represent paths of encrypted data, 
and dotted lines represent paths of keys. 

In this system, the plaintext copyrighted primary 
data D1 i is supplied to the primary user 1 3 under the the 
copyrighted primary data ED1 i encrypted using the first 
crypt key K1i: 

ED1i = E(K1i. D1i) 
from the information provider 1 5 via the network system 
1 4 through the database 1 1 , or from the information pro- 
vider 16 via the network system 14, or via an informa- 
tion recording medium 17 such as CD-ROM. 

The primary user 13 who wishes to utilize the 
encrypted copyrighted primary data ED1i thus supplied 
requests distribution of a primary use permit key K1 by 
presenting a primary copyright label Lc1 to the key con- 
trol center 12 via the network system 14. 

Upon receipt of the request for distribution of the 
primary use permit key K1 from the primary user 13. the 
key control center 12 searches the primary use permit 
key K1 using the presented primary copyright label Lc1 
and sends the primary use permit key K1 to the primary 
user 13 via the network system 14 and charges the fee 
at the same time. 

The primary user 13 decrypts the encrypted copy- 
righted primary data ED1i using the first crypt key K1i 
included in the received primary use permit key K1 

D1i = D(K1i, ED1i) 
and utilizes it. 

In case the decrypted plaintext copyrighted primary 
data D1i is stored in a device of the primary user 13, it 
is re-encrypted using the first crypt key K1i 

ED1i = E (K1i, D1i). 
and the re-encrypted copyrighted primary data ED1i is 
stored. 

In case the re-encrypted copyrighted primary data 
ED1i is to be utilized again, the encrypted copyrighted 
primary data ED1i is re-decrypted and re-encrypted. 

The primary user 13, who wishes to edits the plain- 
text copyrighted primary data D1i, requests distribution 
of the secondary use permit key K2 for edit of the plain- 
text copyrighted primary data D1i to the key control 
center 12 via the network system 14. 
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Upon receipt of the request for distribution of the 
secondary use permit key K2. the key control center 12 
sends the secondary use permit key K2 to the primary 
user 13 via the network system 14. 

When the secondary use permit key K2 is received, 5 
the primary user 13 edits the plaintext copyrighted pri- 
mary data D 1 i according to the content of the permit key 
and obtains the plaintext copyrighted secondary data 
D2j. 

In case the plaintext copyrighted secondary data io 
D2j is to be stored in a device of the primary user 1 3, the 
plaintext copyrighted secondary data D2j is encrypted 
using the second crypt key K2: 
ED2j - E (K2, D2j). 

15 

When the completion of the edit, the primary user 
13 generates a third crypt key K3j in order to execute 
the secondary exploitation right for data edit of the cop- 
yrighted secondary data, and the third crypt key K3j 
thus generated is registered at the key control center 20 
12. The third crypt key may not be generated by the pri- 
mary user 13, but it may be prepared and distributed by 
the key control center at the request of the primary user 
13. 

In case the primary user 13 copies the plaintext 25 
copyrighted secondary data D2j to an external storage 
medium 1 8 or transfers it via the network system 1 4, the 
plaintext copyrighted secondary data D2j is encrypted 
using the third crypt key 

ED2j = E (K3j. D2j), 30 
and the encrypted copyrighted secondary data ED2j is 
supplied to a secondary user 19. 

The secondary user 19, who wishes to utilize the 
encrypted copyrighted secondary data ED2j thus sup- 
plied, requests distribution of the third crypt key K3j to 35 
the key control center 12 via the network system 14. 

Upon receipt of the request for distribution of the 
third crypt key K3j from the secondary user 19, the key 
control center 12 sends the third crypt key K3j to the 
secondary user 19 via the network system 1 4. 40 

When the third crypt key K3j is received, the sec- 
ondary user 19 decrypts the encrypted copyrighted sec- 
ondary data ED2j using the third crypt key K3j 

D2j = D (K3j, ED2j) 
and utilizes it. 45 

In case the encrypted copyrighted secondary data 
ED2j is to be utilized again, the encrypted copyrighted 
secondary data ED2j is decrypted and encrypted using 
the third crypt key K3j. 

In the following, detailed description will be given on so 
acquisition of the copyrighted primary data, primary uti- 
lization of the copyrighted primary data, edit of the cop- 
yrighted primary data to the copyrighted secondary 
data, supply of the edited copyrighted secondary data, 
and utilization of the copyrighted secondary data. ss 

In this system, a plurality of plaintext copyrighted 
primary data D1i are supplied to the primary user 13 
with the encrypted copyrighted primary data ED1i using 
the first crypt key K1i 
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ED1i =5 E (K1i, D1i) 
together with the plaintext primary copyright label Lc1 
directly from the information provider 16 or via the data- 
base 11. 

The copyright management program Pc manages 
the use of the copyrighted data by the user. More con- 
cretely, the copyrighted data is decrypted and re- 
encrypted using crypt key and utilization of the copy- 
righted data is restricted according to the content of the 
use permit key. 

In this system, a plaintext primary copyright label 
Lcl to be utilized for acquisition of crypt key is attached 
to the encrypted data ED1j. In other words, the 
encrypted copyrighted primary data EDlj comprises a 
plaintext copyright label Lc1 and the encrypted copy- 
righted primary data ED1 i. On the plaintext primary cop- 
yrighted label Lc1, title of the data and name of the 
application program used and the name of the primary 
copyright owner, etc. are entered. 

The primary user 13 who wishes to utilize the 
encrypted copyrighted primary data ED1i thus supplied 
requests distribution of the primary use permit key K1 
by presenting the plaintext primary copyright label Lc1 
to the key control center 12 via the network system 14. 

After confirming that the primary use permit key to 
be distributed is the key K1 using the presented primary 
copyright label Lc1 . the key control center 12 sends the 
primary use permit key K1 thus confirmed to the pri- 
mary user 13 via the network system 14. 

When the primary use permit key K1 is received, 
the device of the primary user 13 is turned to copyright 
management mode, and the primary user 13 is now 
entitled to utilize the copyrighted primary data. 

Because the first crypt key K1 i is included in the pri- 
mary use permit key K1 , the first crypt key K1i is not rec- 
ognized by the primary user 1 3. 

On the other hand, the key control center 12 
charges and collects the fee and identifies the status of 
use of the copyrighted data and the status of utilization 
of database of the primary user 1 3. 

Fig. 3 is a conceptual drawing for explaining restric- 
tion of the primary utilization by the copyright manage- 
ment program Pc in the present invention. 

Similarly to the invention described in Japanese 
prior application No. 6-64889. the primary utilization of 
the data obtained in the data copyright management 
system of the present invention is limited to ordinary uti- 
lization, i.e. direct utilization of the data and output 
including printing of utilization results, and it is not 
allowed to copy the data to an external storage medium 
or to edit and transfer via a network system or in princi- 
ple, to store the data inside the device. However, it is 
possible to store the data with encrypted. 

It is needless to say that the data D other than the 
copyrighted data can be displayed, printed, stored, cop- 
ied, edited or transferred by the application program in 
use. 

In this figure, reference numeral 21 represents a 
storage unit such as a non-volatile semiconductor mem- 
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ory or a hard disk drive incorporated in a device 20 of 
the primary user, reference numeral 22 represents a 
display unit for output, 23 represents a printing unit for 
output, D1 represents a copyrighted primary data, D 
represents a non-copyrighted general data. 24 repre- s 
sents a secondary user, to whom the data is supplied by 
copying via flexble disk or CD-ROM or by transferring 
using a network system. 

In this figure, solid lines represent processing 
routes permitted, and broken lines show processing io 
routes not permitted. 

The encrypted copyrighted primary data ED1i 
acquired by the primary user 13 from external informa- 
tion providers 15 or 16 either directly or via the data 
base 11 is incorporated with a plaintext primary copy- is 
right label Lcl supplied together-with and is stored in a 
storage unit 21 of the primary user device 20. 

The primary user 13 who wishes to utilize the 
encrypted copyrighted primary data ED1i stored in the 
storage unit 21 refers to general description of the 20 
encrypted copyrighted primary data ED1i and a plain- 
text primary copyright label Lc1 shown information of 
application program used by the encrypted copyrighted 
primary data ED1i using the copyright management 
program Pc. and identifies the using environment of the 25 
encrypted copyrighted primary data ED1i such as pres- 
ence or absence of an application program used for 
preparation of the encrypted copyrighted primary data 
ED1i. 

As a result, it is judged that the encrypted copy- 30 
righted primary data ED1 i can be utilized. When the pri- 
mary user 1 3 inputs request for the use of the encrypted 
copyrighted primary data ED1i to the copyright man- 
agement program Pc, the copyright management pro- 
gram Pc starts the application program used by the 35 
encrypted copyrighted primary data ED1i and reads the 
encrypted copyrighted primary data ED1i from the stor- 
age unit 21 to memory in the primary user device 20. 

On the other hand, the plaintext copyright label Lcl 
is sent to the key control center 12, and the primary use 40 
permit key K1 is supplied to the primary user in accord- 
ance with the processing flow already described. The 
encrypted copyrighted primary data ED1i is decrypted 
to the plaintext copyrighted primary data D1i, using the 
first crypt key K1 i included in the primary use permit key 45 
K1 

D1i = D (K1i, ED1i), 
and it can be used by the started application program. 

In case the plaintext copyrighted primary data D1i 
on memory of the primary user device 20 is to be stored so 
in the storage unit 21, the plaintext copyrighted primary 
data D1 i is re-encrypted using the first crypt key K1 i 

ED1i a E (K1i, D1i), 
and it is stored. 

The storage includes producing and storing tempo- 55 
rary file for data maintenance. 

In case the re-encrypted data ED1 i is to be re-used, 
re-decryption and re-encryption are performed using 
the first crypt key K1i. 



The utilization other than displaying and printing, 
storage or editing, i.e. copying to an external storage 
medium or transfer to other device, of the plaintext cop- 
yrighted primary data D1 or the encrypted copyrighted 
primary data ED1i are prohibited by the copyright man- 
agement program Pc. 

As already described, in the data copyright man- 
agement system of the present invention, the utilization 
of the obtained copyrighted data is limited to ordinary 
modes of utilization, i.e. direct utilization by displaying 
the data on the display unit 22 or output of the utilization 
results by the printer 23. Copying of the data to an exter- 
nal storage medium or transfer of the data to the sec- 
ondary user 24 via the network system and editing the 
data are prohibited by the copyright management pro- 
gram. 

Therefore, it is not allowed to cut and paste a part of 
the copyrighted primary data D1i to the other data D or 
to cut and paste a part of the other data D to the copy- 
righted primary data D1i. The copyrighted primary data 
D1i can be stored to the storage unit 21 exceptionally if 
it is in the encrypted state using the first crypt key K1i, 
but it cannot be stored in case it has been edited. 

In the data copyright management system of the 
present invention, distinguishing the copyrighted pri- 
mary data D1 from general data D and determing as to 
whether the copyrighted data has been edited or not are 
performed by the copyright management program Pc. 

Computer file comprises a data file main unit and a 
management table entered attributes of the data file. 
Therefore, by investigating the management table, it 
can be judged whether the file is the copyrighted data or 
not. On this management table, data file size and date 
and time of produced are entered. By investigating 
these in the management table, it can be judged 
whether the file has been edited or not. 

When stored in the storage unit 21, the copyrighted 
primary data D1i is to be encrypted and coupled with 
the primary copyright label Lcl. When the data is 
decrypted and is read on memory, the copyrighted pri- 
mary data Dli and the primary copyright label Lcl are 
separated from each other by the copyright manage- 
ment program, and the separated copyright label Lc1 is 
managed by the copyright management program Pc. 

The copyright management program watches by 
which application program the copyrighted primary data 
Dli is used and prohibits "cut and paste" of the copy- 
righted primary data D1i to the non-copyrighted general 
data D and "cut and paste" of the non-copyrighted gen- 
eral data D to the copyrighted primary data D1i. 

Fig. 4 is a conceptual drawing for explaining restric- 
tion of utilization in the data editing executed by the cop- 
yright management program Pc in the present 
invention. 

The primary user 13 who wishes to edit the plain- 
text copyrighted primary data D1i, in the primary utiliza- 
tion, notifies the key control center via the network 14 
that the plaintext copyrighted primary data D1i is to be 
edited and requests distribution of the secondary use 
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permit key K2 necessary for the edit of the plaintext cop- 
yrighted primary data D1i to the key control center 12 
via the network system 1 4. 

Upon receipt of the request for distribution of the 
secondary use permit key K2 from the primary user 13, 5 
the key control center 12 sends the secondary use per- 
mit key K2j to the primary user 13 via the network sys- 
tem 14. 

As a result, the primary user device 20 of the pri- 
mary user 1 3 is turned to edition mode, and the primary 10 
user 1 3 can edit the encrypted copyrighted primary data 
EDIi. 

The primary user 13 decrypts the encrypted copy- 
righted primary data ED1i to the plaintext copyrighted 
primary data D1i using the first crypt key K1i and dis- is 
plays it on the display unit 22 and edits the data. To pro- 
tect the copyright of the copyrighted primary data at 
first, the plaintext copyrighted primary data D1i for edit- 
ing is copied, and the plaintext copyrighted primary data 
D1 i* for edit obtained by this copying is edited. 20 

The primary user 13 decrypts the encrypted copy- 
righted primary data ED1i to the plaintext copyrighted 
primary data D1i to display on the display unit 22, and 
before editing, copies the plaintext copyrighted primary 
data Dli for edit and edits the plaintext copyrighted pri- 25 
mary data for edit Dli 1 obtained by copying. 

In case the plaintext copyrighted primary data for 
edit Dir or the plaintext copyrighted primary data D1P 
under editing is to be stored in the primary user device 
of the user 13, encryption is performed using the sec- 30 
ondary use permit key K2 
ED1i' = E(K2, DIP) 
or ED1i" = E(K2, Dli"), 
and it is stored as the encrypted copyrighted primary 
data ED1 i' or as the encrypted copyrighted primary data 35 
ED1i'\ 

As the encrypted copyrighted primary data ED1i is 
stored in the storage unit 21 without being edited, by 
comparing its management table with file size, pro- 
duced date and time of me plaintext copyrighted pri- 40 
mary data for edit D1 Y or D1 P which has been edited, it 
is judged whether the file is the edited file or not. 

When edit of the data has been completed, the data 
is produced to a plurality of new plaintext copyrighted 
secondary data D2j, and secondary exploitation right as 45 
secondary copyrights is newly generated on the data 
D2j. To protect the secondary exploitation right, the pri- 
mary user 13 who edited the plaintext primary copy- 
righted data D1i requests distribution of the third crypt 
key K3j to the key control center 1 2. Upon receipt of the so 
request for distribution of the third crypt key K3j, the key 
control center 1 2 sends the third crypt key K3j to the pri- 
mary user 13 via the network system 14. 

When the third crypt key K3j is received, the pri- 
mary user 13 encrypts the plaintext copyrighted sec- 55 
ondary data D2j using the third crypt key K3j 

ED2j = E (K3j. D2j), 
and the encrypted copyrighted secondary data ED2j is 
stored in the storage unit 21 of the primary user 13. 



In case the encrypted copyrighted data ED2j is to 
be utilized, decryption and encryption are performed 
using the third crypt key K3j. 

In the plaintext copyrighted secondary data D2j 
edited by the primary user 13. secondary exploitation 
right in data edition of the primary user 13 is present in 
addition to the primary copyright of the plaintext copy- 
righted primary data Dli before editing and owned by 
the information provider. To execute the secondary 
exploitation right, the primary user 13 sends information 
such as title of the data, name of the application pro- 
gram used, outline of the content, name of the primary 
copyright owner, etc. together with the third crypt key 
K3j to the key control center 12. The key control center 
stores and controls these together with the third crypt 
key K3j. 

On the other hand, the primary user 13 supplies the 
encrypted copyrighted secondary data ED2j to the sec- 
ondary user 24 by copying it to an external storage 
medium 18 or by transferring it via the network system 
14. 

The secondary user 24 who wishes to utilize the 
supplied encrypted copyrighted secondary data ED2j 
requests distribution of a use permit key including the 
third crypt key K3j to the key control center 12. 

The utilization of the plaintext copyrighted second- 
ary data D2j using the use permit key including the third 
crypt key K3j is limited to general utilization of the plain- 
text copyrighted secondary data D2j or to storage to the 
user device, and it is not allowed to copy the plaintext 
copyrighted secondary data D2j or the encrypted copy- 
righted secondary data ED2j to an external storage 
medium 18, to transfer it to a third user via the network 
14. or to edit the plaintext copyrighted secondary data 
D2j. 

As described above, the copyrighted data handled 
in the present invention is directed to "object" where 
program and data are integrated, and the object can be 
processed as parts-like through computer programming 
or various types of processings. 

Description will be given now on the case where 
new copyrighted data is prouced utilizing a plurality of 
copyrighted data that are the objects, referring to Fig. 5 
and Fig. 2. 

In Fig. 5, reference numerals 31, 32 and 33 repre- 
sent copyrighted primary data D1 1 . D12 and D13 which 
comprise objects respectively. By utilizing the copy- 
righted primary data D1 1 , D12 and D13, the new copy- 
righted secondary data D2j represented by 30 is 
produced. 

The utilization of the copyrighted data D11, D12 
and D13 include three editorial forms: utilization of 
whole parts such as the copyrighted data D1 1 shown by 
reference numeral 34; utilization of a part such as the 
copyrighted data D12' as shown by reference numeral 
35; and utilization after modifying such as the copy- 
righted data D13* as shown by reference numeral 36. 
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The copyrighted data are edited by linking in object- 
unit, referring, embedding and combining them. Such 
embedding and combining can be performed freely. 

Also, it is possible to add other matters to the copy- 
righted data 37, which has been thus embedded and s 
combined. 

The newly produced copyrighted data D2j in this 
way consists of objects assembly. 

In the plaintext copyrighted secondary data D2j 
thus produced, secondary exploitation right of the pri- w 
mary user 13 who has produced newly arises in addi- 
tion to the copyright of the copyrighted primary data D1 i. 

To execute the secondary exploitation right, it is 
necessary to encrypt the plaintext copyrighted second- 
ary data. For this purpose, the primary user 1 3 prepares 15 
the third crypt key K3j and encrypts the plaintext copy- 
righted data D2j using the third crypt key K3j 

ED2j = E (K3j, D2j). 
and the encrypted copyrighted data ED2j is supplied to 
the secondary user 19 by copying it to an external stor- 20 
age medium 18 or by transferring it via the network 14. 

In order that the tertiary user can easily receive the 
third crypt key K3j, the third crypt key K3j is registered at 
the key control center 12. By registering the third crypt 
key K3j, the secondary exploitation right of the primary 25 
user 13 is recorded at the key control center 12. 

In this case, those sent from the primary user 13 to 
the key control center 12 at this time includes, in addi- 
tion to a plurality of the third crypt keys K3j of which 
number corresponds to the produced plural copyrighted 30 
secondary data, the number of the third crypt keys K3j, 
the second crypt key K2j, the copyrighted primary data 
used, information of the other copyrighted data to which 
the copyright management program is linking, access 
path to the copyrighted data used, application program 35 
used by the copyrighted data used, and explanation of 
the copyright works. 

The secondary user 19 who wishes to utilize the 
encrypted copyrighted secondary data ED2j thus sup- 
plied requests distribution of the third crypt key K3j to 40 
the key control center 12. 

Upon receipt of the request for distribution of the 
third crypt key K3j, the key control center 12 sends the 
third crypt key K3j to the secondary user 19 via the net- 
work system 14. 45 

The secondary user 19 receives the third crypt key 
K3j, decrypts the encrypted copyrighted secondary 
data ED2j using the third crypt key K3j, and utilizes it. 

When the third crypt key K3j is received, the copy- 
right management program Pc attaches the copyright so 
label Lc2j to each copyrighted data D2j so that the sec- 
ondary user can utilize it. 

At this time, the linkage with the copyrighted data, 
which is the object linked with the newly produced cop- 
yrighted data, is released. At the time of the release of ss 
the linkage, the entity of the copyrighted primary data, 
which has had so far relationship as the linkage only, is 
embedded into the encrypted copyrighted secondary 



data ED2j, and allows to distribute as a copyright work 
only through ED2j file. 

In this case, if the encrypted copyrighted secondary 
data ED2j is to be utilized again, decryption and encryp- 
tion are performed using the third crypt key K3j. 

The key control center sends back the third crypt 
key K3j to the requester and charges and collects the 
fee according to the copyright labels Lc1 and Lc2. 

The copyright owner of the copyrighted data can 
change access path of own copyrighted data by apply- 
ing to the key control center. 

The copyright owner of the copyrighted data can 
also edit (modify) own copyrighted data using the third 
crypt key K3j and also can register it using another key. 

Claims 

1 . A data copyright management system, comprising 
a database and a key control center, for managing 
copyrights in case a primary user edits a copy- 
righted primary data received and a seconary cop- 
yrighted data obtained by editing is supplied to a 
secondary user, whereby: 

said copyrighted primary data is encrypted 
using a primary use permit key and is supplied to 
said primary user; 

said key control center sends said primary 
use permit key to said primary user upon receipt of 
a request for distribution of said primary use permit 
key from said primary user who wishes to utilize 
said copyrighted primary data; 

said primary user decrypts said copyrighted 
primary data to plaintext using said received pri- 
mary use permit key and performs primary utiliza- 
tion of the data; 

said primary user who wishes to edit said 
copyrighted primary data receives distribution of a 
secondary use permit key for editing said copy- 
righted primary data from said key control center 
and edits said copyrighted primary data using said 
received secondary use permit key, and the copy- 
righted primary data under editing is encrypted 
using said secondary use permit key to be stored; 

when the edit has been completed, said pri- 
mary user receives distribution of a third crypt key 
for distributing the edited copyrighted secondary 
data from said key control center, and said edited 
data is encrypted using said third crypt key to be 
supplied to a secondary user; and 

said secondary user who wishes to utilize 
said secondary copyrighted data receives distribu- 
tion of said third crypt key from said key control 
center and decrypts said copyrighted secondary 
data using said received third crypt key and utilizes 
it. 

2. A data copyright management system according to 
Claim 1 , wherein edit on said copyrighted primary 
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data by said primary user is performed to a copy of 
said copyrighted primary data. 
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(54) System for data copyright management using key distribution 

(57) A data copyright management system is pro- 
vided, in which a primary user edits a received data and 
supplies the edited data to a secondary user. 

The copyright management system comprises a 
database and a key control center, and uses a primary 
copyright label, a primary use permit key including a 
first crypt key, a secondary use permit key, a third crypt 
key, and a copyright management program. 

The primary user decrypts the copyrighted primary 
data, which is encrypted using the first crypt key and 
supplied, to plaintext using a primary use permit key 
obtained from the key control center and utilizes it. In 
case the copyrighted primary data is stored in a primary 
user device, it is re-encrypted using the primary use 
permit key. 

The primary user receives a secondary use permit 
key for editing the copyrighted primary data from the key 
control center and edits the copyrighted primary data. 
The data under editing is encrypted using the second- 
ary use permit key and is stored. 

When edit has been completed, the primary user 
receives a third crypt key for secondary exploitation 
right as the secondary copyright from the key control 
center, encrypts the edited data using the third crypt key 
and distributes it to the secondary user. 

The secondary user receives the third crypt key 
from the key control center and utilizes the edited data. 

The third crypt key may be generated by the pri- 
mary user or by the key control center. 
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